SHIRO 보안 프레임워크 소개 및 사용
8421 단어 shiro 로그 인 인증 및 권한 관리
shiro: 작업 중 대상 및 방법
의존성 추가
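<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-spring-boot-web-starter</artifactId>
    <!-- version is not given on the page; pin a currently supported Shiro release -->
</dependency>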
application.properties에 shiro 설정
# Shiro settings
# Page that unauthenticated requests are redirected to.
shiro.loginUrl=/safty/login/toLogin
# Default landing page after a successful login.
shiro.successUrl=/safty/home/toHome
# Page used when an authenticated user lacks the required permission (here: the login page again).
shiro.unauthorizedUrl=/safty/login/toLogin
# Let Shiro manage sessions itself instead of delegating to the container's HttpSession.
# The session cookie is then issued by Shiro, so its flags are configured through Shiro
# (for example shiro.sessionManager.cookie.secure) rather than the servlet container.
shiro.userNativeSessionManager=true
# Logging (left disabled; the logger name is missing on the page)
#logging.level. =debug
사용자 정의 Realm
package com.johe.scgcxx.base;
import java.text.MessageFormat;
import java.util.List;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.cache.CacheManager;
import org.apache.shiro.cache.MemoryConstrainedCacheManager;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.spring.web.config.DefaultShiroFilterChainDefinition;
import org.apache.shiro.spring.web.config.ShiroFilterChainDefinition;
import org.apache.shiro.subject.PrincipalCollection;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.util.StringUtils;
import com.johe.scgcxx.dto.Curr_User;
import com.johe.scgcxx.dto.Menu;
import com.johe.scgcxx.model.Sys_Module;
import com.johe.scgcxx.model.Sys_User;
import com.johe.scgcxx.service.base.ShiroService;
/**
 * Spring configuration that registers the application's Shiro realm.
 */
@Configuration
public class DefaultShiro {
// Class-wide SLF4J logger.
private static final Logger LOG = LoggerFactory.getLogger(DefaultShiro.class);
/**
* Registers the application's realm under the bean name "authorizer".
*
* @param shiroService project service injected by Spring; presumably the source of
*        user and permission data (its use is not visible in this excerpt)
* @return an anonymous {@link AuthorizingRealm}
*/
@Bean("authorizer")
@Autowired
public AuthorizingRealm saftyRealm(ShiroService shiroService) {
return new AuthorizingRealm() {
/**
* Authorization callback: builds the {@link AuthorizationInfo} for the given
* principals. Only the start of the method is visible in this excerpt.
*/
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
// The primary principal is expected to be the Curr_User object that login produced.
Curr_User currUser = (Curr_User) principals.getPrimaryPrincipal();// unchecked cast: throws ClassCastException if the principal has another type
// Result object; the code that fills it in is not visible in this excerpt.
SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
// NOTE(review): the listing breaks off at the next token on this page. The imports suggest
// that doGetAuthenticationInfo and a ShiroFilterChainDefinition bean follow, so credential
// matching (password hashing) and the URL protection rules cannot be reviewed from here.
List
로그인 및 로그아웃 (ResultUtils는 결과를 Map 형태로 반환하는 사용자 정의 클래스이고, **Service는 사용자 정의 비즈니스 로직입니다)
package com.johe.scgcxx.controller.safty;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.http.HttpSession;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.DeleteMapping;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;
import com.johe.scgcxx.base.Constants;
import com.johe.scgcxx.base.ResultUtils;
import com.johe.scgcxx.dto.Curr_User;
import com.johe.scgcxx.dto.Menu;
import com.johe.scgcxx.dto.Sys_User;
import com.johe.scgcxx.service.safty.SaftyLoginService;
// -
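/**
 * Login and logout endpoints backed by Apache Shiro.
 */
@Controller
public class SaftyLoginController {
    private static final Logger LOG = Logger.getLogger(SaftyLoginController.class.getName());

    @Autowired
    private SaftyLoginService saftyLoginService;

    /**
     * Authenticates the submitted user id and password through the Shiro subject and,
     * on success, stores the resulting {@code Curr_User} in the Shiro session.
     *
     * @param user    request body carrying the user id and password
     * @param session not used by this method; declaring it makes Spring resolve an
     *                HTTP session before authentication has happened
     * @return a success result after login, otherwise a failure result
     */
    // NOTE(review): this mapping accepts every HTTP method; consider restricting the
    // credential-handling endpoint to POST.
    @RequestMapping("/safty/login/doLogin")
    @ResponseBody
    public ResultUtils toLogin(@RequestBody Sys_User user, HttpSession session) {
        try {
            Subject subject = SecurityUtils.getSubject();

            // Session-fixation guard: Shiro keeps the existing session id across login(),
            // so a session created before authentication is stopped here and the
            // authenticated state lands in a fresh session. Anything stored in the
            // pre-login session is discarded.
            if (subject.getSession(false) != null) {
                subject.getSession(false).stop();
            }

            UsernamePasswordToken token =
                    new UsernamePasswordToken(user.getU_id(), user.getU_pwd());
            // Delegates to the configured realm; failures surface as exceptions below.
            subject.login(token);

            if (!subject.isAuthenticated()) {
                return ResultUtils.failResult(" !!!");
            }

            Curr_User currUser = (Curr_User) subject.getPrincipal();
            subject.getSession().setAttribute(Constants.SESSION_CURR_USER_ATTR, currUser);
            // Goes through the logger instead of stdout so it follows the logging configuration.
            LOG.log(Level.INFO, "Login succeeded for user id {0}", user.getU_id());
            return ResultUtils.successResult();
        } catch (UnknownAccountException | IncorrectCredentialsException e) {
            // One shared answer for "no such account" and "wrong password", so the
            // response does not reveal which user ids exist.
            return ResultUtils.failResult(" !");
        } catch (LockedAccountException e) {
            return ResultUtils.failResult(" !");
        } catch (Exception e) {
            // Keep the stack trace in the application log; the client gets a generic failure.
            LOG.log(Level.SEVERE, "Unexpected error during login", e);
            return ResultUtils.failResult(" !");
        }
    }

    /**
     * Logs the current Shiro subject out.
     *
     * @return a success result, or a failure result if logout threw
     */
    @DeleteMapping("/safty/home/doLogout")
    @ResponseBody
    public ResultUtils toLogout() {
        try {
            SecurityUtils.getSubject().logout();
            return ResultUtils.successResult();
        } catch (Exception e) {
            // A failed logout may leave the session alive, so record it instead of dropping it.
            LOG.log(Level.WARNING, "Logout failed", e);
            return ResultUtils.failResult(" !!!");
        }
    }
}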
shiro 권한 캐시 설정 (경로에 접근할 때마다 권한을 조회·검증할 필요가 없으며, 같은 경로는 처음 접근할 때만 검증함)
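// Cache manager bean: lets Shiro cache what the realm returns for authorization lookups,
// so the realm is not queried again on every permission check.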
/**
 * Supplies the cache manager bean used by Shiro.
 *
 * NOTE(review): cached authorization data is presumably served until the subject logs out
 * or the cache entry is cleared, so a permission revoked in the backing store may stay in
 * effect for an active session; confirm that permission changes also clear the cache.
 *
 * @return a new {@link MemoryConstrainedCacheManager}
 */
@Bean
protected CacheManager shiroCacheManager() {
    CacheManager inMemoryCacheManager = new MemoryConstrainedCacheManager();
    return inMemoryCacheManager;
}